Full metadata record
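| DC Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | 王乙澔 | en_US |
| dc.contributor.author | Wang, Yi-Hao | en_US |
| dc.contributor.author | 邵家健 | en_US |
| dc.contributor.author | Zao, Kar-Kin | en_US |
| dc.date.accessioned | 2014-12-12T02:35:59Z | - |
| dc.date.available | 2014-12-12T02:35:59Z | - |
| dc.date.issued | 2012 | en_US |
| dc.identifier.uri | http://140.113.39.130/cdrfb3/record/nctu/#GT070056503 | en_US |
| dc.identifier.uri | http://hdl.handle.net/11536/72778 | - |
| dc.description.abstract | With the rapid development of cloud computing and social networks, multi-domain access control is becoming increasingly important. Cross-domain access control also takes place constantly in everyday life: using Facebook authorization as identity verification to join a new website, or using a print service to print a report stored on a cloud drive, are both obvious examples of multi-domain access control. Beyond these simple applications, there are many cases that require complex multi-domain access control, such as the exchange of patient medical records between hospitals and the release of evacuation information during an emergency or disaster. In these situations, which data may be authorized must be strictly controlled, and every authorization must conform to the principle of least privilege. Traditional multi-domain access control mechanisms do not meet the requirements of these situations. In view of this, this thesis proposes a multi-domain access control mechanism that conforms to the principle of least privilege. To remain compatible with open standards, we chose the OAuth 2.0 authorization protocol as the base architecture and made two extensions, adding the concepts of mandatory access control and roles, so that an OAuth 2.0 authorization server is able to enforce role-based access control and thereby achieve the principle of least privilege. | zh_TW |
| dc.description.abstract | With the rapid rise in popularity of cloud computing and social networks, multi-domain access control has become more and more important. Whether you register on a new website with a Facebook account or use a print service to print your photo in the cloud, you need multi-domain access control. In addition to these simple cases of multi-domain access control, nowadays we have many complex multi-domain access control situations, for example the exchange of electronic medical records. The principle of least privilege must be applied to these complex situations to ensure that all of the protected data are rigorously regulated. However, traditional multi-domain access control doesn't implement mandatory access control, so it cannot handle these situations. In this research, we propose a multi-domain access control mechanism that implements the principle of least privilege. In order to be compatible with open standards, we use OAuth2.0 as our infrastructure and propose two extensions. We added mandatory access control to OAuth2.0 and added a role concept to the OAuth2.0 scope parameter. With these extensions, the OAuth2.0 authorization server can have the prerogative to limit the scope of information accessible to the users. | en_US |
| dc.language.iso | zh_TW | en_US |
| dc.subject | OAuth | zh_TW |
| dc.subject | OAuth2.0 | zh_TW |
| dc.subject | Mandatory Access Control | zh_TW |
| dc.subject | Multi-Domain Access Control | zh_TW |
| dc.subject | Principle of Least Privilege | zh_TW |
| dc.subject | OAuth | en_US |
| dc.subject | OAuth2.0 | en_US |
| dc.subject | Mandatory Access Control | en_US |
| dc.subject | Multi-Domain Access Control | en_US |
| dc.subject | Principle of Least Privilege | en_US |
| dc.title | OAuth Extension for Role-Based Access Control in Multiple Domains | zh_TW |
| dc.title | OAuth Extension for Multiple-Domain Role Base Access Control | en_US |
| dc.type | Thesis | en_US |
| dc.contributor.department | Institute of Network Engineering | zh_TW |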
Appears in Collections: Thesis